Newletter February 13th 1997

FOR IMMEDIATE RELEASE
13 February 1997
Local contact: Germano Caronni, gec@acm.org
[This press release originated from Melanie Harper]
THOUSANDS OF COMPUTERS JOIN TO CRACK THE HARDEST CRYPTOGRAPHIC CHALLENGE EVER
Loosely organized international group checks a record 162082778549251
keys in 13 days to find correct solution
ZURICH: More than 5000 computers connected via the Internet have broken
the most difficult cryptographic challenge ever solved, in just over
thirteen days. The challenge was one of a series of cryptographic
challenges recently offered by RSA Data Security, Inc., a U.S. firm which
produces cryptographic software.
The Internet group's successful attempt on the challenge, which is the
second record-breaking cryptographic challenge solution within the last
two weeks, demonstrates in a dramatic fashion that many encryption systems
- -- such as those commonly used on the Internet, in electronic commerce,
and in so-called "Smart Cards" -- can be broken with relative ease using
modern computing techniques.
The challenge was solved by a loosely organized group of individuals from
around the world who banded together to create a project known as the
"Distributed Internet Crack." The group was begun by Germano Caronni,
member at the Swiss Federal Institute of Technology in Zurich and quickly
grew to include hundreds of people, from commercial as well as academic
sites, who worked at a furious pace to write and optimize the necessary
software and then run it on thousands of computers simultaneously. The
group never met in person but communicated via email. Continuously
updated pages on the World-wide Web, available in four different
languages, provided the latest information and progress reports.
The Distributed Internet Crack first attacked the easiest of RSA's
challenges. The group solved this challenge in 3 1/2 hours, only minutes
after another group submitted the correct answer. After coming so close
to winning the first challenge, the group decided to take on the second
one, hundreds of times as difficult. The challenge required that up to
281474976710656 different keys be checked.
By putting the power of thousands of powerful and not-so-powerful
computers together via the internet, the second challenge was solved on
Monday, February 10th, a little over thirteen days after it was issued.
The successful completion of the challenge broke new ground in several
ways: Besides cracking the hardest key ever, the event also brought
together the most computers ever working on a single Internet project
(over 5500 computers were operating simultaneously at one point, and over
10,000 computers joined in the project at one time or another), and
produced the most cryptographic keys ever checked per second in an openly
publicized effort (over 440 million keys per second at peak, and an
average of 140 million keys per second over the entire project).
If the group would have re-attacked the 40 bit challenge with the
computing power it had at the end of this effort, that key would
have been broken within 45 minutes.
The group is now planning to attempt another challenge issued by RSA, this
time aimed at the DES cipher, which has been used in American and other
financial institutions for many years.
References:
RSA Data Security Secret-Key Challenges:
http://www.rsa.com/rsalabs/97challenge/
Team Web Pages: http://www.klammeraffe.org/challenge/
http://www.ee.ethz.ch/challenge/ and others.
Software: ftp://ftp.tik.ee.ethz.ch/pub/projects/dic/
IRC: #challenge
Preliminary Web page for DES challenge: http://fh28.fa.umist.ac.uk/~des/
Note: Both long numbers in this document have exactly 15 digits.

From: fritsch@fsinfo.cs.uni-sb.de (Lothar Fritsch)
Date: 03 Feb 1997 22:30:53 GMT
Subject: Press Release: RSA Crypto Challenge
Organization: Internet
*** PRESS RELEASE ***
February 3, 1997
Code breaking in the Internet - thousands of computers join.
Hundreds of users on the Internet have put their computers together to
build one of the most powerful codebreaking efforts ever. They are
trying to prove the inadequate strength of today's common encryption
algorithms.
Zrich/Saarbrcken/Internet. Encryption is of importance far beyond
miliitary and government business. Credit card and home banking
security as well as corportate communication is encrypted to avoid
uncontrolled access to critical data. But how safe are these encryption
methods? Exactly this is currently being tested. Germano Caronni at
"Eidgenssische Technische Hochschule Zrich" - a Switzerland Polytechnic
- wrote a software package coordinating a large number of independent,
code-breaking agents in the Internet by sending them parts of the
crypto-problem so solve. Along with the software release messages to
the Usenet News, Internet Relay Chat and cryptographic and computer
security mailing lists calling for participation were distributed. Any
person connected to the Internet can download the agent software and
join in.
The project's background is RSA Inc.'s Cryptochallenge. RSA wants to
demonstrate the lack of security in the soon-to-be-law encryption
methods favoured by the US government. Many governments prohibit the
use of secure cryptography for reasons of national security. RSA is
even prohibited from exporting safe cryptogtaphy software outside the
United States.
On January 28, 1997, 17:00 CET the competition started and the group
coordinated by Germano Caronni started up almost 1200 computers, which
in turn broke the simplest of the code problems published by RSA within
less than 4 hours - with resources available to any sophisticated
college student. Exactly this level of security is the maximum level
software exported from the United States of America provides. This
includes common and widespread software like Microsoft products,
Netscape Navigator and others.
Then the group moved to the 48-bit key - a problem 256 times as
difficult as the solved one. Meanwhile, participants optimized the
software, ported it to new platforms including Windows and exotic Unix
derivates and excellent programmers wrote optimized machine language
code for several platforms increasing the computational power of the
software by up to 40 percent. Now the whole system increased its
efforts to 100 million tested keys per second - and still participation
is increasing due to the joining in of more and more participants from
the Internet.
A remarkable feature is that the the distributed software does not
"steal" computer time - all the agent software is running in
"background" mode, none of the participating computers is blocked by
the computation. The software simply uses idle time - for example the
time between two of a programmers' keystrokes on a keyboard. The system
uses computer time that otherwise would go unused and wasted.
What is going to happen to the $5000 prize in case ther group is going
to be the first to break the code? Germano Caronni: "I suggest to
donate to the Gutenberg project." The Gutenberg project is a
noncommercial internet library storing royalty-free full text versions
of literature free for every Internet user to read or download.
As of now, the code breaking experiment is still in progress. Anybody
who is willing to join in can get the necessary information on the
project's Web page: http://www.klammeraffe.org/challenge/ Two more
weeks of ongoing code breaking are expected.
--
Lothar Fritsch
fritsch@fsinfo.cs.uni-sb.de
http://fsinfo.cs.uni-sb.de/~fritsch/